19 matches found
Inefficient Algorithmic Complexity
Overview: minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...
CVE-2025-61880
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution...
PT-2026-7863
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...
CVE-2025-61880
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution...
EUVD-2025-11792
Malicious code in bioql PyPI...
CVE-2025-32789
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789
EspoCRM (open-source CRM) prior to version 9.0.7 is affected by a vulnerability in the user password hashing disclosure feature. The issue allows an attacker to infer other users’ password hashes by sorting the user list by the password hash, potentially enabling password changes if the attacker ...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500)
Summary: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload, which could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened (CVE-2025-1500). Vulnerability Details: CVEID: CVE-2025-1500. DESCRIPTION: IBM Maximo Applicatio...
WordPress plugin teachPress SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
CVE-2022-27527
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020...
CVE-2021-40160
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code...
Code injection
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code...
CVE-2021-40160
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code...
CVE-2021-40160
CVE-2021-40160 affects PDFTron before 9.0.7, where parsing a malicious PDF can read beyond allocated boundaries, enabling arbitrary code execution. The primary public details come from Autodesk/AutoCAD disclosures and ZDI notes: exploitation is possible via crafted PDF data, and some analyses ind...
IBM Security Access Manager and IBM Security Verify Access Authentication Bypass Vulnerability
IBM Security Access Manager and IBM Security Verify Access ISAM are both products of IBM Corporation in the U.S. IBM Security Access Manager is a product for information security management applications. The product enables access management controls through integrated devices for web, mobile and...
IBM Security Access Manager and IBM Security Verify Access HTTP Response Splitting Vulnerability
IBM Security Access Manager and IBM Security Verify Access ISAM are both products of IBM Corporation in the U.S. IBM Security Access Manager is a product for information security management applications. The product enables access management controls through integrated devices for web, mobile and...
CVE-2020-2010
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...